CVE-2012-3825

Wireshark - Numeric Error

Title source: rule

Description

Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) BACapp and (2) Bluetooth HCI dissectors, a different vulnerability than CVE-2012-2392.

Exploits (1)

exploitdb WORKING POC

dosmultiple

https://www.exploit-db.com/exploits/18919

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://www.wireshark.org/security/wnpa-sec-2012-08.html

[Vendor Advisory] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7121

[Vendor Advisory] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7122

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15478

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1027094

[Third Party Advisory] http://secunia.com/advisories/49226

Scores

EPSS 0.0202

EPSS Percentile 83.8%

Details

CWE

CWE-189

Status published

Products (22)

wireshark/wireshark 1.4.0

wireshark/wireshark 1.4.1

wireshark/wireshark 1.4.2

wireshark/wireshark 1.4.3

wireshark/wireshark 1.4.4

wireshark/wireshark 1.4.5

wireshark/wireshark 1.4.6

wireshark/wireshark 1.4.7

wireshark/wireshark 1.4.8

wireshark/wireshark 1.4.9

... and 12 more

Published Jun 30, 2012

Tracked Since Feb 18, 2026